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(57) Abstract 

System, method and mobile station for implementing a secure transaction. The system comprises a mobile communication network 
(MN), a service provider (SP) communicating with the mobile communication network^ a mobile station (MS) communicating with the 
mobile communication network (MN) and via it with the service provider (SP), said mobile station (MS) comprising a subscriber identity 
module (SIM), and a service application (APP) stored in the subscriber identity module (SIM), said mobile station (MS) communicating 
with the service provider (SP) over the mobile communication network (MN). The system further comprises means (1) for transferring the 
material needed in the transaction into the mobile station (1), and means (1) in the mobile station (MS) for presenting the material to the 
user. According to the invention, the system further comprises means (3) for requesting the user's acceptance of the material for signature, 
means (4) for activating a PIN inquiry if the user accepts the material, means (5) for checking the correctness of the PIN code entered by 
the user in the subscriber identity module, and means (6) for encrypting and/or signing the material using the service application stored in 
the subscriber identity module if the PIN code entered by the user is correct. 
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METHOD AND SYSTEM IN A TELECOMMUNICATION SYSTEM 

The present invention relates to telecommuni- 
cation systems. In particular, the invention concerns 
an advanced method and system of a new type that al- 
5 lows the receiver of a service to safely and flexibly 
accept the material needed in a transaction via 
his/her mobile station. 

BACKGROUND OF THE INVENTION 

10 In prior art, a known practice is to use a 

digital mobile station in a communication system, such 
as the GSM system (Global System for Mobile communica- 
tions, GSM) , for commercial transactions, such as pay- 
ing a bill or remitting a payment, by electronic 

15 means. Patent specification US 5,221,838 presents a 
device which can be used for making a payment. The 
specification describes an electronic payment system 
in which a terminal capable of wireless and/or wired 
data transfer is used as a payment terminal. The ter- 

20 minal described in the specification comprises a card 
reader, a keyboard, a bar code reader for data input 
and a display for presentation of payment information. 

Patent specification WO 94/11849 presents a 
method for utilization of telecommunication services 

25 and for performing payment transfers via a mobile 
telephone system. The specification describes a system 
comprising a terminal which communicates over a tele- 
communication network with a service provider's main- 
frame computer containing the service provider's pay- 

30 ment system* A terminal in the mobile telephone net- 
work, i.e. a mobile station, can be provided with a 
subscriber identity unit which contains information 
required for subscriber identification and encryption 
of telecommunication traffic. The information can be 

35 read into the terminal for use in mobile stations. As 
an example, the specification mentions the GSM system, 



in which a SIM card (Subscriber Identity Module, SIM) 
is used as a subscriber identity unit. 

In the system described in specification WO 
94/11849, the mobile station communicates with a base 
transceiver station in the mobile communication net- 
work. According to the specification, a connection is 
set up from the base transceiver station further to a 
payment system and the amount to be paid as well as 
the data required for subscriber identification are 
transmitted to the payment system. In the bank service 
described in the specification, the client inserts a 
bank service card containing a SIM unit into a GSM 
network terminal. In the telephone based bank service, 
the terminal may be a standard GSM mobile station. Us- 
ing the method described in the specification it is 
possible to use a wireless telecommunication connec- 
tion for remitting payments and/or paying bills or im- 
plementing other corresponding bank services. 

A problem in the prior-art solutions is that 
they do not pay attention to the reliability of: a pay- 
ment transaction carried out by means of a mobile sta- 
tion. It is important that the application 1 in the mo- 
bile station which makes the payment transaction pos- 
sible should verify the user's authenticity separately 
for each transaction. When a mobile station is used 
for remitting a payment, it is important that both the 
payer and the payee can rely on the system. The payer 
needs to know exactly what he is paying for, how much 
he is paying, to whom he is paying, and so on. On the 
other hand, the receiver of the payment needs to know 
with certainty that the payer has expressed his will 
for the remittance of the payment. 

Digital signature, which is considered a gen- 
eral requirement in electronic payment, is used for 
verification of the integrity of the material trans- 
mitted and the authenticity of the sender: A digital 
signature is generated by encrypting a hash code com- 



puted from the material to be transmitted, using the 
sender's secret key. Since nobody else knows the 
sender's secret key, the receiver, when decrypting the 
information using the sender's public key, can ascer- 
tain that the material is unchanged and that it has 
been generated by the sender. An example of the algo- 
rithm used in digital signature is the RSA encryption 
algorithm, which is a public and private key encryp- 
tion system and which is also used for the encryption 
of messages. 

OBJECT OF THE INVENTION 

The object of the present invention is to 
eliminate the problems described above or at least to 
alleviate them. A specific object of the invention is 
to disclose a new type of method and system for ac- 
cepting material needed in a transaction separately 
for each transaction. In this context, 'material' may 
refer to many types of electronically interpretable 
message, notice or data structure of various contents. 
The material may consist of object type or software 
object type information which can be processed in an 

electronic form. 

A further object of the invention is to dis- 
close a simple method for implementing commercial 
transactions, such as paying bills and banking, by 
means of a mobile station, a method that can be easily 
implemented with modern technology. 

SUBJECT OF THE INVENTION 

The invention concerns a method for imple- 
menting a secure transaction by means of a mobile sta- 
tion which comprises a subscriber identity module and 
a service application stored in the subscriber iden- 
tity module. The mobile station communicates with a 
service provider via a mobile communication network. 



The mobile communication network may be a GSM network. 
In the method, the material needed in the • transaction 
is transferred into the mobile station and the mate- 
rial is presented by means of the mobile station. Af- 
ter that, according to the invention, the user is 
asked to give his/her approval for signature of the 
material, a PIN inquiry is activated in the mobile 
station if the user accepts the material, the PIN code 
entered by the user is checked for correctness in the 
subscriber identity module, and, if the PIN code given 
by the user is correct, the material is encrypted 
and/or signed using the service application stored in 
the subscriber identity module. 

In an embodiment of the invention, if the 
user of the mobile station does not accept the mate- 
rial needed in the transaction for signature or if 
three successive entries of the user's PIN code are 
incorrect, then a reject message is sent to the serv- 
ice, provider having generated the material. The mate- 
rial can be generated using a pre-agreed form overlay 
in which the essential information is filled in before 
its being transferred into the mobile station, or us- 
ing some other mutually agreed and known data struc- 
ture . 

In the foregoing, a procedure has been de- 
scribed in which the client accepts the material 
he/she sees on the display of the mobile station, 
which material, after being accepted, is sent to the 
service provider, such as a bank. The client or mobile 
station user may communicate locally with an automatic 
payment machine or equivalent, in which case the pay- 
ment machine transmits to the client the material in- 
tended to be accepted. In this case, the client ex- 
changes messages locally with the payment machine and 
the payment machine transmits the digital signature 
information further. The local communication can be 



performed without necessarily using a mobile communi- 
cation network. 

From the payment traffic it is handling, the 
payment machine can infer that the client has accepted 
the service and payment form presented. Thus, the ma- 
chine can serve the client locally in the manner de- 
sired and approved by the client, without necessarily 
expecting the bank's approval for it. In practice, the 
situation corresponds to the normal practice when a 
client pays for products or services using his/her 
bank card e.g. at a cash desk in a store and the store 
provides the products/services to the client without 
contacting the bank to verify the authenticity of the 
payment . 

The material may also be encrypted before be- 
ing transferred into the mobile station, in which case 
the material has to be decrypted before being signed. 
In this way, it is possible to make sure that only the 
intended mobile station will receive the material 
transmitted and to guarantee security of the informa- 
tion . 

In one embodiment, the mobile station may be 
required to be started in signature mode before the 
material is transferred into it. In practice, this may 
mean that the user has to enter another predetermined 
PIN code with which the mobile station has been con- 
figured to start in a predetermined signature mode. 
Thus, a kind of local authentication can be used. 

The invention also concerns a system for im- 
plementing a secure transaction using a mobile sta- 
tion, said system comprising a mobile communication 
network, a service provider communicating with the mo- 
bile communication network, and a mobile station com- 
municating with the mobile communication network and 
over the network with the service provider. The mobile 
station comprises a subscriber identity module and a 
service application stored in the subscriber identity 



module. The mobile station preferably communicates 
with the service provider via the mobile communication 
network. The system additionally comprises means for 
transferring the material needed in the transaction 
into the mobile station. These means may be imple- 
mented in the mobile communication network and in the 
mobile station e.g. using a short message service or 
using a local link, e.g. an infrared link or a Blue- 
tooth link. A more detailed description of the Blue- 
tooth technology is presented e.g. on WWW page 
\AAA/w.bluetoothxom . In addition, the mobile station com- 
prises means, such as a display, for presenting the 
material to the user. 

According to the invention, the system com- 
prises means for requesting the user's acceptance of 
the material, means for activating a PIN inquiry if 
the user accepts the material, means for verifying the 
PIN code supplied by the user in the subscriber iden- 
tity module, and means for encrypting and/or signing 
the material using the service application stored in 
the subscriber identity module if the PIN code given 
by the user is correct. 

Moreover, the system may further comprise 
means for sending a reject message to the service pro- 
vider having generated the material if the user of the 
mobile station does not accept the material needed in 
the transaction for signature or if the PIN code input 
into the mobile station is incorrect. 

As compared with prior art, the invention has 
the advantage that it makes it easier to implement 
payment applications, verification operations and the 
like using a mobile station while at the same time 
providing a higher level of security for the users. 
The invention allows reliable use of a mobile station 
for accepting material needed in a transaction and for 
signing it digitally, allowing acceptance' and digital 



signature to be applied in conjunction with many dif- 
ferent applications . 



LIST OF ILLUSTRATIONS 

In the following, the invention will be de- 
scribed by the aid of preferred examples of its em- 
bodiments with reference to the attached drawing, 
wherein: 

Fig. 1 presents a preferred system according 
to the present invention; 

Fig. 2 presents a diagram of a preferred ar- 
rangement according to the present invention; and 

Fig. 3 presents a diagram representing a pre- 
ferred embodiment of the present invention. 

The system presented in Fig. 1 comprises a 
mobile communication network, a mobile station MS con- 
nected to it and a service provider SP . The mobile 
communication network may be e.g. a GSM network. The 
service provider may be a store, a bank, a parking fa- 
cility, a ticket office or any corresponding service 
provider. In practice, the service provider is con- 
nected to the mobile communication network via a ter- 
minal or server resembling a mobile station or via a 
combination of these. However, it will not be de- 
scribed here in detail because there are various de- 
vices obvious to the skilled person that the service 
provider can use as a link to the mobile communication 
network . 

The mobile station comprises a subscriber 
identity module SIM with a service application APP 
stored in it, said service application implementing 
the transaction at the mobile station end in coopera- 
tion with the service provider, and a display 2 for 
presenting the material to the user. Stored in the 
service application are also the encryption and de- 
cryption keys needed in the transaction. In addition, 
the service application has information regarding 
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other parameters and data structures used in the serv- 
ice . 

The mobile station presented in Fig. l fur- 
ther comprises means 3 for requesting the user's ac- 
ceptance of the material, means 4 for activating a PIN 
inquiry if the user accepts the material, means 5 for 
checking the PIN code supplied by the user for cor- 
rectness in the subscriber identity module, and means 
6 for encrypting and/or signing the material using the 
service application stored in the subscriber identity 
module if the PIN code given by the user is correct. 
Means 3, 4, 5 and 6 may be implemented in a suitable 
component in the mobile station or in the subscriber 
identity module, or some of them may be implemented as 
separate components in the mobile station and in the 
subscriber identity module. In system presented in 
this figure, the PIN code is checked for correctness 
in the subscriber identity module using means 5 and 
the material is also encrypted and/or signed in the 
subscriber identity module using means 6. 

The system illustrated in Fig. 1 further com- 
prises means for sending a reject message to the serv- 
ice provider having generated the material if the user 
of the mobile station does not consent to sign the ma- 
terial needed in the transaction. The corresponding 
system comprises means 8 for sending a reject message 
to the service provider having generated the material 
if the PIN code entered into the mobile station is in- 
correct. This alternative is optional, and the message 
can be sent e.g. when incorrect entries are to be re- 
corded in the system. In practice, this can be imple- 
mented by sending a message to the service provider 
after the user has entered an incorrect PIN code e.g. 
three times. The service provide.r can then take meas- 
ures to establish the authenticity of the user of the 
mobile station. 
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Fig. 2 presents a diagram visualizing an em- 
bodiment of the present invention. In the figure, the 
material DATA to be signed has been printed on the 
display of the mobile station 2, and the user may ei- 
ther accept or reject it. When the user presses the 
Accept button to indicate that he/she accepts the ma- 
terial DATA, the user's choice triggers the next ac- 
tion in the procedure. The text "PIN:?" appears on the 
display, asking the user to give a transaction- 
specific PIN code. After the user has keyed in a cor- 
rect PIN code, the service application APP (Fig. 1) 
performs the required operations on- the material and 
sends it to the service provider SP together with an 
accept message. If the user rejects the data, then a 
15 reject message is sent to the service provider. 

Fig. 3 presents a flow diagram representing a 
preferred embodiment of the invention. First, the ma- 
terial is transferred into the mobile station, block 
31. In the mobile station, the material is presented 
20 e.g. on the display 2 (see Fig. 1), block 32. At the 
same time, the user is asked whether he/she will ac- 
cept or reject the material, block 33. If the .user ac- 
cepts the material, then the procedure goes on to 
block 35, where the required actions for encrypting 
25 and/or signing the material are performed. After that, 
the material together with an accept message is sent 
to the service provider, block 36. If in block 3 3 the 
user rejects the material, then the procedure goes on 
to block 34 and a reject message is sent to the serv- 
3 0 ice provider. 

To sum up, it can be stated that the inven- 
tion significantly facilitates the operations to be 
carried out by a mobile station user in conjunction 
with a transaction made via a mobile station. The in- 
35 vention also improves the security of transactions 
made via a mobile station. In practice, the encrypting 
and signing procedures needed in the method of the in- 




vent ion are based on an application which is stored in 
the subscriber identity module and/or mobile station 
e.g. in a digital signal processor and which performs 
the required operations on the material after the user 
5 has accepted it. The material can be transmitted into 
the mobile station on the basis of an order made e.g. 
by telephone or over the Internet, in which case the 
acceptance of the material functions as a kind of ac- 
knowledgement to the service provider with whom the 

10 order was placed. Accepting the material may consti- 
tute an acknowledgement and approval of an order, of- 
fer, parking charge or any relevant service involving 
a transaction. 

The present invention is not restricted to 

15 the examples of its embodiments described above; in- 
stead, many variations are possible within the sphere 
of protection defined in the claims. 



CLAIMS 

1. Method for implementing a secure transac- 
tion using a mobile station comprising: 
a subscriber identity module, 

a service application stored in the sub- 
scriber identity module, said mobile station communi- 
cating with a service provider over a mobile communi- 
cation network, 

said method comprising the steps of: 

transferring the material needed in the 
transaction into the mobile station, and 

presenting the material on the mobile sta- 
tion, characterized in that the method fur- 
ther comprises the steps of: 

requesting the user's acceptance of the mate- 
rial , 

activating a PIN inquiry if the user accepts 

the material , 

checking the PIN code entered by the user for 
correctness in the subscriber identity module, and 

encrypting and/or signing the material using 
the service application stored in the subscriber iden- 
tity module if the PIN code given by the user is cor- 
rect . 

2. Method as defined in claim 1, charac- 
terized in that 

a reject message is sent to the service pro- 
vider having generated the material if the user of the 
mobile station does not accept the material needed in 
the transaction for signature. 

3. Method as defined in claim 1, charac- 
terized in that 

a reject message is sent to the service pro- 
vider having generated the material -if the PIN code in- 
put into the mobile station is incorrect. 

4. Method as defined in any one of the prece- 
ding claims 1, 2 or 3, characterized in that 



the material is composed using a pre-agreed 
form overlay provided with an identifier, in which the 
essential information is filled in before its being 
transferred into the mobile station. 

5. Method as defined in any one of the prece- 
ding claims 1, 2, 3, or 4, characterized in 
that 

the mobile station is started in signature 
mode before the material is transferred into the mobile 
station. 

6. Method as defined in any one of the preced- 
ing claims 1, 2, 3, 4 or 5, characterized in 
that 

the message is signed and/or encrypted using a 
public and private key method. 

7. System for implementing a secure transac- 
tion using a mobile station, said system comprising: 

a mobile communication network (MN) , 
a service provider (SP) communicating with the 
mobile communication network, 

a mobile station (MS) communicating with the 
mobile communication network (MN) and via ' the network 
with the service provider (SP) , said mobile station 
(MS) comprising: 

a subscriber identity module (SIM) , and 
a service application (APP) stored in the sub- 
scriber identity module (SIM) and a mobile station (MS) 
communicating with the service provider (SP) over the 
mobile communication network (MN) . 

means (1) for transferring the material needed 
in the transaction into the mobile station (1) , and 

means (2) in the mobile station (MS) for pre- 
senting the material, characterized in that 
the system further comprises: 

means (3) for requesting the user's acceptance 

of the material, 



means (4) for activating a PIN inquiry if the 
user accepts the material/ 

means (5) for checking the PIN code entered by 
the user for correctness in the subscriber identity 
module, and 

means (6) for encrypting and/or signing the 
material using the service application stored in the 
subscriber identity module if the PIN code entered by 
the user is correct. 

8. System as defined in claim 7, charac- 
terized in that the system further comprises: 

means (7) for sending a reject message to the 
service provider having generated the material if the 
user of the mobile station does not accept the material 
needed in the transaction for signature. 

9. System as defined in claim 7, charac- 
terized in that the system further comprises: 

means (8) for sending a reject message to the 
service provider having generated the material if the 
PIN code entered into the mobile station is incorrect. 

10. System as defined in any one of the pre- 
ceding claims 7, 8 or 9, characterized in 
that 

a pre-agreed form overlay provided with an 
identifier has been stored in the subscriber identity 
module, in which form overlay the essential information 
is filled in and which is used for presenting the mate- 
rial to the user. 

11. Mobile station for implementing a secure 
transaction, said mobile station (MS) comprising: 

a subscriber identity module (SIM) , and 

a service application (APP) stored in the 

subscriber identity module SIM , 

means (1) for receiving the material needed 

in the transaction into the mobile station (1) , and 



means (2) for presenting the material, 
characterized in that the mobile station 

further comprises: 

means (3) for requesting the user's acceptan- 
ce of the material, 

means (4) for activating a PIN inquiry if the 

user accepts the material, 

means (5) for checking the PIN code entered by 
the user for correctness in the subscriber identity mo- 
dule, and 

means (6) for encrypting and/or signing the 
material using the service application stored in the 
subscriber identity module if the PIN code entered by 
the user is correct. 

12. Mobile station as defined in claim 11, 
characterized in that the mobile station 

further comprises: 

means (7) for sending a reject message to the 
service provider having generated the material if the 
user of the mobile station does not accept the material 
needed in the transaction for signature. 

13. Mobile station as defined in' claim 11, 
characterized in that the system further 
comprises : 

means (8) for sending a reject message to the 
service provider having generated the material if the 
PIN code input into the mobile station is incorrect. 
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